DevFW-CICD/ingress-nginx-helm

Author	SHA1	Message	Date
Fabián Sellés Rosa	e9664c2566	Add disable path overlap validation flag ## What this PR does / why we need it: In https://github.com/kubernetes/ingress-nginx/issues/5651 there was a request to throw an error when there are two ingresses defining the same host and path, which was implemented as part of the validation webhook. Despite of this there are clear rules on the ingress controller that describes what the controller would do in [such situation (the oldest rule wins)](https://github.com/kubernetes/ingress-nginx/blob/main/docs/how-it-works.md?plain=1#L27) Some users are relying on this validation behaviour to prevent misconfigurations, but there are use cases where allowing it, maybe temporarily, is helpful. Those use cases includes: - Splitting large ingresses objects in smaller ones https://github.com/kubernetes/ingress-nginx/issues/10820 - Moving ingress objects between namespaces without downtime (like when you transfer an ingress from team A that owns namespace A to team B that owns namespace B) https://github.com/kubernetes/ingress-nginx/issues/10090 <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> ## Types of changes - [ ] Bug fix (non-breaking change which fixes an issue) - [X] New feature (non-breaking change which adds functionality) - [ ] CVE Report (Scanner found CVE and adding report) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Documentation only ## Which issue/s this PR fixes It might help with #10820 <!--- Please describe in detail how you tested your changes. --> <!--- Include details of your testing environment, and the tests you ran to --> <!--- see how your change affects other areas of the code, etc. --> ## How Has This Been Tested? building an image and testing it in a local cluster, will update later with some real life scenarios <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> ## Checklist: - [X] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. - [X] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide - [X] I have added unit and/or e2e tests to cover my changes. - [X] All new and existing tests passed. Change-Id: I9d4124d1c36876b06d63100cd10988eaf2f41db9	2024-11-26 15:58:34 +01:00
chengjoey	e5c29d1ce4	Controller: Fix panic in alternative backend merging. (#11789 )	2024-08-13 01:37:37 -07:00
Carlos Tadeu Panato Junior	12fbe9b163	golangci-lint update, ci cleanup, group dependabot updates (#11071 ) * bump golangci-lint to v1.56.x Signed-off-by: cpanato <ctadeu@gmail.com> * cleanup empty lines Signed-off-by: cpanato <ctadeu@gmail.com> * group dependabot updates Signed-off-by: cpanato <ctadeu@gmail.com> * run on job changes as well Signed-off-by: cpanato <ctadeu@gmail.com> * remove deprecated checks Signed-off-by: cpanato <ctadeu@gmail.com> * fix lints and format Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: cpanato <ctadeu@gmail.com>	2024-03-07 02:39:53 -08:00
Chen Chen	b3060bfbd0	Fix golangci-lint errors (#10196 ) * Fix golangci-lint errors Signed-off-by: z1cheng <imchench@gmail.com> * Fix dupl errors Signed-off-by: z1cheng <imchench@gmail.com> * Fix comments Signed-off-by: z1cheng <imchench@gmail.com> * Fix errcheck lint errors Signed-off-by: z1cheng <imchench@gmail.com> * Fix assert in e2e test Signed-off-by: z1cheng <imchench@gmail.com> * Not interrupt the waitForPodsReady Signed-off-by: z1cheng <imchench@gmail.com> * Replace string with constant Signed-off-by: z1cheng <imchench@gmail.com> * Fix comments Signed-off-by: z1cheng <imchench@gmail.com> * Revert write file permision Signed-off-by: z1cheng <imchench@gmail.com> --------- Signed-off-by: z1cheng <imchench@gmail.com>	2023-08-31 00:36:48 -07:00
Ricardo Katz	c5f348ea2e	Implement annotation validation (#9673 ) * Add validation to all annotations * Add annotation validation for fcgi * Fix reviews and fcgi e2e * Add flag to disable cross namespace validation * Add risk, flag for validation, tests * Add missing formating * Enable validation by default on tests * Test validation flag * remove ajp from list * Finalize validation changes * Add validations to CI * Update helm docs * Fix code review * Use a better name for annotation risk	2023-07-21 20:32:07 -07:00
Chen Chen	d44a8e0045	Fix golang-ci linter errors (#10128 ) * Fix golang-ci linter errors Signed-off-by: z1cheng <imchench@gmail.com> * Fix gofmt errors Signed-off-by: z1cheng <imchench@gmail.com> * Add nolint comment to defaults.Backend in Configuration Signed-off-by: z1cheng <imchench@gmail.com> * Add #nosec comment to rand.New func Signed-off-by: z1cheng <imchench@gmail.com> * Fix errcheck warnings Signed-off-by: z1cheng <imchench@gmail.com> * Fix gofmt check Signed-off-by: z1cheng <imchench@gmail.com> * Fix unit tests and comments Signed-off-by: z1cheng <imchench@gmail.com> --------- Signed-off-by: z1cheng <imchench@gmail.com>	2023-07-03 05:50:52 -07:00
Jintao Zhang	cccba35005	Revert "Remove fastcgi feature" (#10081 ) * Revert "Remove fastcgi feature (#9864)" This reverts commit `90ed0ccdbe`. * revert fastcgi* annotations warning Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> --------- Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>	2023-06-13 12:55:59 -07:00
guangwu	114ae77fb7	chore: pkg imported more than once (#10048 )	2023-06-11 11:49:47 -07:00
Chen Chen	1503695b30	Fix typo in controller_test (#10034 ) Signed-off-by: z1cheng <imchench@gmail.com>	2023-06-03 10:50:41 -07:00
Ricardo Katz	1282345be2	Admission warning (#9975 ) * Add warning feature in admission code * Apply suggestions from code review Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * Add deprecation and validation path notice --------- Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2023-05-25 07:56:52 -07:00
James Strong	01c9a2bf25	Revert Implement pathType validation (#9511 ) (#9607 ) Signed-off-by: James Strong <strong.james.e@gmail.com>	2023-02-12 22:57:29 -08:00
James Strong	7d1c47ab54	Switch logic on path type validation and setting it to false (#9543 ) * update path type validation to be false and update e2e test scripts Signed-off-by: James Strong <strong.james.e@gmail.com> * update to make tests clear Signed-off-by: James Strong <strong.james.e@gmail.com> * update test params Signed-off-by: James Strong <strong.james.e@gmail.com> * Adding else per pr comments Signed-off-by: James Strong <james.strong@chainguard.dev> --------- Signed-off-by: James Strong <strong.james.e@gmail.com> Signed-off-by: James Strong <james.strong@chainguard.dev>	2023-01-31 17:09:06 -08:00
Ricardo Katz	da98c744b9	Implement pathType validation (#9511 )	2023-01-16 23:51:23 -03:00
Makhonin Alexey	39b5ce844b	Add new prometheus metric for orphaned ingress (#8230 ) * Add new metric for orhaned ingress * Fix const labels * Fix after rebase	2023-01-16 04:22:51 -08:00
Marcus Noble	e7bee5308e	added option to disable sync event creation (#8528 ) * added option to disable event creation Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Re-trigger github workflows Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2023-01-09 06:37:31 -08:00
Tomas Hulata	3579ed0487	feat: switch from endpoints to endpointslices (#8890 ) * endpointslices Signed-off-by: tombokombo <tombo@sysart.tech> * cleanup Signed-off-by: tombokombo <tombo@sysart.tech> * fix rbac Signed-off-by: tombokombo <tombo@sysart.tech> * fix comments Signed-off-by: tombokombo <tombo@sysart.tech> * cleanup store, add store tests Signed-off-by: tombokombo <tombo@sysart.tech> * fix copyright date Signed-off-by: tombokombo <tombo@sysart.tech> Signed-off-by: tombokombo <tombo@sysart.tech>	2022-09-23 12:38:04 -07:00
Ricardo Katz	c86d50ecef	Move APIs to be used by both controller and configurer (#8854 )	2022-07-21 17:32:48 -07:00
Ricardo Katz	4c6a7ee158	Decouple shared functions between controllers (#8829 ) * Decouple shared functions between controllers * Apply suggestions from code review Co-authored-by: Jintao Zhang <tao12345666333@163.com> * Fix package names and fmt Co-authored-by: Jintao Zhang <tao12345666333@163.com>	2022-07-20 11:53:44 -07:00
Ricardo Katz	89ed571d2a	Implement object deep inspector (#8456 )	2022-04-11 07:06:07 -07:00
Elvin Efendi	04035cc1c2	Do not validate ingresses with unknown ingress class in admission webhook endpoint. (#8221 )	2022-02-06 12:28:51 -08:00
Ricardo Katz	15567b07c0	Trim spaces from badword items (#7921 )	2021-11-15 20:37:29 -03:00
zryfish	7203a0b8bd	support watch namespaces matched namespace selector (#7472 ) skip caching namespaces at cluster scope if only watching single namespace add --watch-namespace-selector in user guide add e2e test	2021-11-12 11:46:28 -08:00
Ricardo Katz	67e13bf692	Add option to sanitize annotation inputs (#7874 ) * Add option to sanitize annotation inputs * Fix e2e tests after string sanitization * Add proxy_pass and serviceaccount as denied values	2021-11-12 11:40:30 -08:00
Ricardo Katz	4fc57dcc49	Change enable-snippet to allow-snippet-annotation (#7670 ) Signed-off-by: Ricardo Pchevuzinske Katz <rkatz@vmware.com>	2021-09-20 16:52:23 -07:00
Ricardo Katz	5e6ab651ec	Add option to force enabling snippet directives (#7665 ) Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>	2021-09-19 12:40:08 -07:00
wenhuwang	6593cb244b	fix ingress-nginx panic when the certificate format is wrong. (#7443 ) * fix ingress-nginx panic when the certificate format is wrong. Signed-off-by: wang_wenhu <976400757@qq.com> * Add unit test. Signed-off-by: wang_wenhu <976400757@qq.com> * Update controller_test.go	2021-08-23 18:58:14 -07:00
Ricardo Katz	90c79689c4	Release v1 (#7470 ) * Drop v1beta1 from ingress nginx (#7156) * Drop v1beta1 from ingress nginx Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix intorstr logic in controller Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * fixing admission Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * more intorstr fixing * correct template rendering Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix e2e tests for v1 api Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix gofmt errors * This is finally working...almost there... Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Re-add removed validation of AdmissionReview * Prepare for v1.0.0-alpha.1 release Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Update changelog and matrix table for v1.0.0-alpha.1 (#7274) Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * add docs for syslog feature (#7219) * Fix link to e2e-tests.md in developer-guide (#7201) * Use ENV expansion for namespace in args (#7146) Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does. * chart: using Helm builtin capabilities check (#7190) Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> * Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944) It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780 * Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107) * Fix MaxWorkerOpenFiles calculation on high cores nodes * Add e2e test for rlimit_nofile * Fix doc for max-worker-open-files * ingress/tcp: add additional error logging on failed (#7208) * Add file containing stable release (#7313) * Handle named (non-numeric) ports correctly (#7311) Signed-off-by: Carlos Panato <ctadeu@gmail.com> * Updated v1beta1 to v1 as its deprecated (#7308) * remove mercurial from build (#7031) * Retry to download maxmind DB if it fails (#7242) * Retry to download maxmind DB if it fails. Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com> * Add retries count arg, move retry logic into DownloadGeoLite2DB function Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com> * Reorder parameters in DownloadGeoLite2DB Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com> * Remove hardcoded value Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com> * Release v1.0.0-alpha.1 * Add changelog for v1.0.0-alpha.2 * controller: ignore non-service backends (#7332) * controller: ignore non-service backends Signed-off-by: Carlos Panato <ctadeu@gmail.com> * update per feedback Signed-off-by: Carlos Panato <ctadeu@gmail.com> * fix: allow scope/tcp/udp configmap namespace to altered (#7161) * Lower webhook timeout for digital ocean (#7319) * Lower webhook timeout for digital ocean * Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29 * update OWNERS and aliases files (#7365) (#7366) Signed-off-by: Carlos Panato <ctadeu@gmail.com> * Downgrade Lua modules for s390x (#7355) Downgrade Lua modules to last known working version. * Fix IngressClass logic for newer releases (#7341) * Fix IngressClass logic for newer releases Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Change e2e tests for the new IngressClass presence * Fix chart and admission tests Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix helm chart test Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix reviews * Remove ingressclass code from admission * update tag to v1.0.0-beta.1 * update readme and changelog for v1.0.0-beta.1 * Release v1.0.0-beta.1 - helm and manifests (#7422) * Change the order of annotation just to trigger a new helm release (#7425) * [cherry-pick] Add dev-v1 branch into helm releaser (#7428) * Add dev-v1 branch into helm releaser (#7424) * chore: add link for artifacthub.io/prerelease annotations Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com> * k8s job ci pipeline for dev-v1 br v1.22.0 (#7453) * k8s job ci pipeline for dev-v1 br v1.22.0 Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com> * k8s job ci pipeline for dev-v1 br v1.21.2 Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com> * remove v1.21.1 version Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com> * Add controller.watchIngressWithoutClass config option (#7459) Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com> * Release new helm chart with certgen fixed (#7478) * Update go version, modules and remove ioutil * Release new helm chart with certgen fixed * changed appversion, chartversion, TAG, image (#7490) * Fix CI conflict * Fix CI conflict * Fix build.sh from rebase process * Fix controller_test post rebase Co-authored-by: Tianhao Guo <rggth09@gmail.com> Co-authored-by: Ray <61553+rctay@users.noreply.github.com> Co-authored-by: Bill Cassidy <cassid4@gmail.com> Co-authored-by: Jintao Zhang <tao12345666333@163.com> Co-authored-by: Sathish Ramani <rsathishx87@gmail.com> Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com> Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com> Co-authored-by: Tom Hayward <thayward@infoblox.com> Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com> Co-authored-by: Tore <tore.lonoy@gmail.com> Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl> Co-authored-by: Shahid <shahid@us.ibm.com> Co-authored-by: James Strong <strong.james.e@gmail.com> Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com> Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com> Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com> Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>	2021-08-21 13:42:00 -07:00
Ricardo Katz	d226d831bd	Update go version, modules and remove ioutil	2021-08-06 14:15:21 -03:00
wasker	f222c752be	Enable session affinity for canaries (#7371 )	2021-07-29 14:23:19 -07:00
Aditya Sharma	475bcde64c	Skip validation checks if an ingress is marked as deleted (#7216 ) Signed-off-by: Aditya Sharma <git@adi.run>	2021-06-08 09:27:34 -07:00
qianyong	b6dc384afb	Bugfix: non-host canary ingress use default server name as host to merge	2021-05-14 10:25:12 +08:00
Mahnoor Mehboob	bc8a731e28	reset backend and disableCatchAll to og value	2021-04-26 17:32:50 -04:00
Mahnoor Mehboob	8f7fecab17	Deny catch-all ingress when DisableCatchAll is set	2021-04-24 11:49:45 -04:00
Josh Soref	a8728f3d2c	Spelling	2020-12-15 16:10:48 -05:00
Manuel Alejandro de Brito Fontes	1389cc0e80	Refactor extraction of ingress pod details	2020-11-19 17:31:28 -03:00
Manuel Alejandro de Brito Fontes	3f153add00	Refactor handling of path Prefix and Exact	2020-11-10 07:21:34 -03:00
Manuel Alejandro de Brito Fontes	a767b1d906	Cleanup	2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes	29ea30a4e8	Add events for NGINX reloads	2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes	7722fa38aa	Add admission controller e2e test	2020-09-26 16:06:58 -03:00
Matthew Silverman	9612180f6e	reject annotations with default prefix in the case of an override	2020-09-10 09:16:44 -04:00
Andreas Sommer	c775b439dc	Case-insensitive TLS host matching	2020-04-28 11:07:43 +02:00
Manuel Alejandro de Brito Fontes	a95d850384	Add support for PathTypeExact	2020-04-23 11:12:37 -04:00
Manuel Alejandro de Brito Fontes	efbb3f9fc8	Add support for IngressClass and ingress.class annotation	2020-04-22 09:15:32 -04:00
Manuel Alejandro de Brito Fontes	04ef782c57	Migrate ingress.class annotation to new IngressClassName field	2020-03-31 12:20:01 -03:00
Manuel Alejandro de Brito Fontes	a46126a034	Update client-go methods to support context and and new create and delete options	2020-03-27 19:52:51 -03:00
Laszlo Janosi	ced67e53a1	New logic: proxy-ssl parameters can be applied on locations only Add: new parameter in the ConfigMap to control whether the proxy-ssl parameters of an Ingress should be applied on server and location levels, or only on location level Add: logic in the config handling to work according to the new ConfigMap parameter Add: unit test case	2020-01-29 10:00:55 +01:00
qianyong	435377f47f	Fix panic on multiple ingress mess up upstream is primary or not	2019-08-30 07:32:02 +08:00
Manuel Alejandro de Brito Fontes	23ed3ba4c4	Fix file permissions to support volumes	2019-08-15 20:48:37 -04:00
Manuel Alejandro de Brito Fontes	80bd481abb	Only support SSL dynamic mode	2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes	3d7a09347d	Apply fixes suggested by staticcheck	2019-07-08 16:18:52 -04:00

1 2

63 commits